Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Alicloud Ai Audio Livetranslate
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Alibaba Cloud live-translation helper, with the main caution that saved outputs may contain private meeting or call content.
Before installing or using this skill, confirm that meeting, call, or subtitle audio may be processed by Alibaba Cloud. Review anything saved under output/alicloud-ai-audio-livetranslate/, redact sensitive content when possible, and delete or protect saved payloads and summaries if they contain private transcripts or business information.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)
Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- This markdown file describes persisting translation session payloads and response summaries to disk, which could contain sensitive audio-derived text or metadata from meetings or calls. The skill description does not include any user warning about privacy, sensitive content handling, or reviewing what is saved before storage.
VirusTotal
65/65 vendors flagged this skill as clean.